Again? Google Denies Gmail Breach as HIBP Credential Leak Causes Panic
Several media outlets have once again circulated false claims of a supposed large-scale data breach affecting Gmail, alleging the compromise of 183 million user accounts. The reports stemmed from an announcement by Troy Hunt, founder of the platform Have I Been Pwned, regarding the upload of a new database containing leaked login credentials. However, neither Google nor its Gmail service is in any way connected to this dataset. The company has officially denied all allegations of a breach, explaining that the latest wave of panic resulted from a misinterpretation of previously known compromised data.
In statements released on Monday, Google emphasized that no breach had occurred on Gmail’s side. The upload of account data to Have I Been Pwned’s notification system should not be interpreted as evidence of a single, targeted attack. Instead, it represents yet another aggregated compilation assembled by cybercriminals from multiple unrelated sources — including malware infections, phishing campaigns, brute-force attacks, and old breaches affecting tens of thousands of websites. Such collections are routinely traded across dark web forums, Telegram channels, and Discord servers, forming vast databases of credentials that eventually leak into public or semi-private repositories.
According to Hunt’s assessment, around 91% of the 183 million email addresses uploaded to Have I Been Pwned had already appeared in previous breaches, with only 16.4 million entries deemed new. This indicates that the overwhelming majority of the data has long circulated within criminal markets and does not stem from any recent compromise. Nevertheless, even outdated credentials remain dangerous, as they can still be used to infiltrate corporate networks — as seen in the Change Healthcare breach, where leaked Citrix credentials served as the initial point of entry for a widespread infection.
Google clarified that upon detecting large-scale lists of exposed accounts, it takes immediate protective measures, including password resets and assisting users in regaining control of affected accounts. The company continuously monitors such data compilations to alert users to potential risks and strengthen account protection mechanisms.
This is not the first time that sensationalist reports of a “global Gmail leak” have surfaced in the media. Just a month ago, similar headlines claimed that 2.5 billion Gmail accounts had been compromised; in reality, the incident involved a localized breach at Salesloft, which affected only a limited number of Google Workspace business accounts. Repeated misinformation of this kind not only misleads the public but also overloads support services, fueling panic and eroding trust in major platforms.
For users concerned about their cybersecurity, Google advises checking personal email addresses via Have I Been Pwned and, if necessary, changing passwords after performing a malware scan on their devices.